"While CleanWipe is not a “secret” utility, it is a very powerful one. The reason Symantec requests that people engage technical support to get this utility is because of the potential to remove more than intended (for example, all AV from an entire environment). As a best practice, we have recommended that users as well as partners consult with tech support to ensure that it is being used in the best way for that specific situation and environment.

After thoughtful consideration and conversation we have determined that Symantec’s best practice recommendation for the availability and usage of CleanWipe remains for users and/or partners to engage Technical Support prior to using this tool. We kept this recommendation because of the security risks to users and environments beyond what may be initially intended.

CleanWipe has a specific use. Generally speaking, users should be able to use Add/Remove Programs to uninstall SEP. CleanWipe exists for those situations where Add/Remove Programs may not solve the user's problems. CleanWipe used by an inexperienced technician can result in loss of functionality beyond what is intended which could cause severe customer dissatisfaction. By working with Support we can ensure that the CleanWipe tool is being used appropriately and with full understanding of the situation that can help mitigate potential misapplication."

In reality, it doesn't work that way. I submitted an online ticket to support and they just gave me access to download it. There may have been something in the email about using it correctly, but there was no email exchange or phone call to ensure I knew how to use it, so no offense, but the explanation given is just garbage.

Support should know that not everyone has access to open a ticket with them, and not everyone has access to download files from FileConnect, so it isn't as if everyone would be getting access to this "dangerous" tool.

Generally speaking, if we need to use CleanWipe, we need it now. We don't need it in three days, or however long it takes to contact Support. Give me the tool, and I'll decide which technician is capable of using it. I'll decide how dangerous it is, and I'll decide whether or not it needs to be used.

Frankly, we have heard that for years, "it is a very powerful one". I wish you guys would get it through your heads, we don't care how "powerful" you think it is, WE NEED IT, and we are sick and tired of having to jump through hoops to get it. When a system is screwed up, you making us call is not going to make it any less screwed up, and more to the point, I have NEVER ONCE had anyone actually give me any warnings when I DID CALL to get it. They just give it to me, so it can't be THAT powerful.

I have been a professional IT guy for 18 years, and I am willing to bet that I have been using and supporting Symantec's various versions of anti-virus longer than most Symantec employees. The problem with your, and excuse me, IDIOTIC argument is that virtually EVERYONE here is a freaking professional. We don't NEED your help beyond access to the latest version, unless WE ASK FOR IT.

PLEASE start putting it under the File Connect area. I am damn tired of going through the garbage EVERY time I need this. I have installed this product on so many thousands of user computers, but I am ready to start looking for another product.

Sincerely,

Kevin Cotreau

P.S. Yes, I am ANGRY, maybe not at you, but at this STUPID, MORONIC policy some idiot came up with!

I think part of the issue is making sure this tool gets into the right hands. We have some users who regularly try to get rid of the SEP client, especially if we use it to block access or if the user feels that it might be "slowing down the computer". We have the password turned on so users cannot use add/remove (many users have MORE than just regular user rights). This tool allows one to completely remove the client without need for the password. I agree that access to FILE CONNECT should be able to control who should have access, unless someone can come up with a reason not to.

If it is under File Connect, the only ones who should have access to that in your organization are your IT staff. There are loads of versions on the Internet for download, but inevitably, it seems like I always need the newest one, and that can be harder to find, so I have to waste my time with their support.

Two comments regarding your users trying to remove SEP: First, I am a bit surprised that you have users that even know about the Clean Wipe Tool; and second, if you do have users trying to uninstall your AV client, you have an issue that should be addressed by management. Management needs to make it clear that circumventing anti-virus can put the whole organization at risk, and could be cause for punishment up to, and including, termination.

Well, Kevin, some of our users are what we call "Prima Donnas". Executives that can get away with whatever. Many are also IT. Most of the above have admin rights. True, if the tool is under File Connect, that should be an acceptable solution.

Other users can search the internet and find out about this tool. Right now, the password to uninstall holds off most of the attempts (including those made by the "big boss") as well as tamper protection.

My "point" was that those who say that cleanwipe is not a dangerous tool need to realize that this tool needs to stay away from the end user community. So, in a sense, it can be dangerous when used by the wrong users and also can be dangerous if used in a situation where full rights are not available.

I don't think it is as bad as Symantec makes it out to be assuming it is used in the right hands and there is no "other" issue that can cause it to make things worse by missing a few things. Other than that, it should be easier to get. Maybe part of it is that Symantec needs to know when the normal uninstall (add/remove) is not working as they may be having an underlying issue. That is, in theory, if you can't uninstall using add/remove, maybe Symantec may want to find out why. However, if you just call and they send it to you, it defeats that purpose. I also agree that if you need the tool, you need it quickly.

This needs access to write to the registry and to the file structure. It is definitely something you do NOT want your end users playing with. Especially if you don't want them uninstalling your SEP stuff.
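Added example (not part of any post in this thread, and not Symantec code): one way to spot who is actually running the tool, using the file names mentioned in the thread (CleanWipe.exe, RunCleanWipe, RunCleanWipe.bat, -silent). It assumes process-creation events exported as JSON lines with Sysmon-style field names (Image, CommandLine, User, Computer); the sample events and the account name `corp\it-deploy` are constructed for illustration.

```python
import json
import re

# File names taken from the thread; match them as a whole path component.
TOOL_RE = re.compile(
    r'(?:^|[\\/\s"])(cleanwipe\.exe|runcleanwipe(?:\.bat)?)(?=$|[\s"])', re.I)

# Assumption: accounts permitted to run the tool (hypothetical name).
AUTHORIZED = {"corp\\it-deploy"}

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = r'''
{"Computer":"WS-014","User":"CORP\\jdoe","Image":"C:\\Users\\jdoe\\Downloads\\CleanWipe.exe","CommandLine":"CleanWipe.exe"}
{"Computer":"WS-200","User":"CORP\\it-deploy","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd /c C:\\Windows\\Temp\\CleanWipe\\app\\RunCleanWipe.bat -silent"}
{"Computer":"WS-031","User":"CORP\\exec1","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c RunCleanWipe -silent"}
{"Computer":"WS-031","User":"CORP\\exec1","Image":"C:\\Windows\\System32\\notepad.exe","CommandLine":"notepad.exe Readme.txt"}
'''

def find_cleanwipe_runs(lines, authorized=AUTHORIZED):
    """Return one finding per event that launched the removal tool."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        cmd = ev.get("CommandLine", "")
        # The tool may be the image itself or an argument to cmd.exe.
        hit = TOOL_RE.search(ev.get("Image", "")) or TOOL_RE.search(cmd)
        if not hit:
            continue
        user = ev.get("User", "").lower()
        findings.append({
            "computer": ev.get("Computer"),
            "user": user,
            "tool": hit.group(1).lower(),
            "silent": "-silent" in cmd.lower().split(),
            "authorized": user in authorized,
        })
    return findings

def unauthorized_runs(lines, authorized=AUTHORIZED):
    """Only the runs by accounts outside the allowlist."""
    return [f for f in find_cleanwipe_runs(lines, authorized)
            if not f["authorized"]]

if __name__ == "__main__":
    for f in unauthorized_runs(SAMPLE_EVENTS):
        print("ALERT", f)
```

Matching on file name is a first-pass signal; pair it with the binary's signer or hash, which do not change when the file is renamed.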

Here's the email I received from Support, with password and URL removed:

=========================

Thank you for contacting Symantec Enterprise Support Services. It is highly recommended that manual uninstallation be tried before using the Symantec Endpoint Protection (SEP) removal tool. Please review the below instructions for the manual uninstall process.

Note: Instructions are viewable by double clicking the Readme.txt file.

If the tool fails to run as expected or if problems occur when running the tool, it is highly recommended that you remove it manually.

Disclaimer:

Cleanwipe is an unsupported utility, it is recommended to test it in a non-production environment before using it in a production system. Please use this tool at your own risk. As a precaution, create a backup of the OS before using the utility.

Cleanwipe has the potential of adversely affecting other Symantec/Norton programs you may want to keep. You may have to re-install these programs if they become unstable.

Cleanwipe has the potential to make Windows Registry changes. Any change to your registry can potentially affect the way Windows operates so please backup any important data as a precaution.

Please understand that since Cleanwipe is not supported, Symantec Support will be unable to formally assist you in fixing any issues that arise from the use of this utility.

***NOTICE: This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication.***

Is there a plan to introduce silent switch for this version? This version works perfect, but I would like to automate deployment of this utility... And the MSI batch uninstaller WILL NOT WORK for me. Please consider customer feedback and enable the silent switch. Thank you.

3. When you are prompted, browse to a location where you want the files to be copied and then click Start to extract the files.

If you click Start without selecting a location, the files are extracted to the Windows\Temp folder.

4. If you are asked if you want to run CleanWipe now, click No.

5. Open a command prompt and change directory to the CleanWipe\app folder.

6. Type the following command:

RunCleanWipe -silent

7. CleanWipe then uses its defaults to run without any user input.

Note: When running CleanWipe on the Microsoft Vista operating system you must run as administrator.


It's not a question of usefulness either, if it cannot do that, because we install and uninstall SEP with a sophisticated software deployment system which has to execute all commands silently if we don't want to do 'management by sneakers' or have the users help us out with clicking through the process.


It's fine that Tamper Protection does not get in the way, but I need the Silent Switch for another matter.

I have to deploy SEP with our software delivery System and I want to execute the CleanWipe tool the same way. Not as a general uninstall tool, but as a Workaround. Manual execution is - because of the multitude of clients - not possible...

To be frank, I only have to use it because the SEP installation fails with dubious errors where neither installation nor uninstallation works anymore... in some very hard cases there was even no network connection possible afterwards... :(

The way I see it, I can't update to 12.1.3 now without losing some sleep and stressing my fellow admins :(

At this moment we are supporting/troubleshooting a situation with a big customer where we have a lot of failing 12.1 RU1 / RU2 installations. We need to uninstall these real quick as testing proved we need to do a full uninstall before installing RU3. Using SEPM is not 100% foolproof and manual action on 800+ computers ????
We wanted to use Altiris to run 12.1.3001.165_RU3_RTM.CleanWipe UNATTENDED / SILENT.

CleanWipe.exe seems not to have a -silent parameter and the old way of catching the RunCleanWipe.bat is not valid anymore. Who decided this? He/she/them are not from the real world. This is a feature-request!

If you get the version for 12.1.3, it should handle all previous versions. If you get the 12.1.2 version, it will only handle the cleanwiping for version 12.1.2 and earlier. So, you really only need the latest version.

I am unable to manually uninstall/change SEP install. It always ends up with Fatal error. The issue exists on many machines. CleanWipe tool does the work but I cannot manually run the installer on 100's of machines. Support is not very helpful telling me that I have to use the CleanWipe tool. I need the process to be automated so that distribution server can handle the task.

I just need to uninstall and reinstall SEP 12.1 RU3 as on console I continue to see orange icon with deployment status as Install Failed, rolled back. Reinstalling SEP using package even does not allow me to alter the current install.